There are various systems that allow users to securely exchange electronic messages such as e-mail and instant messages. To send Internet e-mail, the sender assembles the message contents, affixes to the message the Internet e-mail addresses of the desired recipient(s), possibly invokes a signing scheme that certifies that the message was composed by the sender and not modified in transit, possibly invokes an encryption scheme that restricts access to the contents of the message to the recipients only, and transmits the message using the Internet e-mail infrastructure.
To exchange information in an Instant Messaging (IM) system, a user authenticates herself to an IM system, selects the recipient among the available community of users, prepares the message contents, and transmits the message through the IM infrastructure. Encryption services may be provided by the IM service based on the credentials of the authenticated users.
FIG. 1 shows a prior art communication architecture 100 that allows a sender 110 and a recipient 120 to exchange an encrypted message Me over a network 130. In this instance, the sender 110 and recipient 120 are part of a community of users that use public/private key pairs for the purposes of digitally signing and encrypting their communication. The Key Server 140 allows the sender 110 and recipient 120 to obtain other users' public keys and participate in the generation and/or controlled access of symmetric key fragments for a given messaging session. A database 142 associated with the Key Server 140 keeps information about the sender and the receiver and the keys that they have used. The network 130 can be a local area network (LAN), a wide area network (WAN), the Internet, or any of a number of other types of communication infrastructures.
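The key-fragment role of the Key Server 140 can be sketched as follows. This is an added example, not code from the document or from any system it describes. It assumes a two-fragment XOR split of the session key and assumes that users are already authenticated to the server; the class, function and field names are hypothetical.

```python
import secrets

KEY_LEN = 32  # bytes; constructed session-key size for this sketch


def combine(frag_a: bytes, frag_b: bytes) -> bytes:
    """XOR two equal-length fragments into the session key (assumed scheme)."""
    if len(frag_a) != len(frag_b):
        raise ValueError("fragment length mismatch")
    return bytes(a ^ b for a, b in zip(frag_a, frag_b))


class KeyServer:
    """Stands in for Key Server 140; self.db stands in for database 142."""

    def __init__(self):
        self.db = {}  # session_id -> sender, recipients, fragment, access log

    def new_session(self, sender, recipients):
        session_id = secrets.token_hex(8)
        self.db[session_id] = {
            "sender": sender,
            "recipients": frozenset(recipients),
            "fragment": secrets.token_bytes(KEY_LEN),
            "released_to": [],
        }
        return session_id, self.db[session_id]["fragment"]

    def release_fragment(self, session_id, user):
        """Controlled access: only a named recipient gets the server fragment.
        `user` is assumed to be an identity the server has authenticated."""
        rec = self.db.get(session_id)
        if rec is None or user not in rec["recipients"]:
            raise PermissionError("fragment not released")
        rec["released_to"].append(user)  # record of who obtained key material
        return rec["fragment"]


def sender_prepare(server, sender, recipients):
    """Sender side: returns (session_id, fragment sent with Me, session key)."""
    session_id, server_frag = server.new_session(sender, recipients)
    sender_frag = secrets.token_bytes(KEY_LEN)
    return session_id, sender_frag, combine(sender_frag, server_frag)


def recipient_recover(server, session_id, user, sender_frag):
    """Recipient side: fetch the server fragment and rebuild the session key."""
    return combine(sender_frag, server.release_fragment(session_id, user))
```

Neither fragment alone reveals the session key: a party that intercepts the fragment travelling with the message still has to pass the server's recipient check, and the server's record shows who was given its fragment.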